Basically the following Registry hives are stored in the corresponding files:

+

to

−

* HKEY_USERS: \Documents and Setting\User Profile\NTUSER.DAT

+

−

* HKEY_USERS\DEFAULT: C:\Windows\system32\config\default

+

−

* HKEY_LOCAL_MACHINE\SAM: C:\Windows\system32\config\SAM

+

−

* HKEY_LOCAL_MACHINE\SECURITY: C:\Windows\system32\config\SECURITY

+

−

* HKEY_LOCAL_MACHINE\SOFTWARE: C:\Windows\system32\config\software

+

−

* HKEY_LOCAL_MACHINE\SYSTEM: C:\Windows\system32\config\system

+

−

===Windows 98/ME===

+

:To make the volume group known to the system

−

* \Windows\user.dat

+

:vgimport $VOLUMEGROUP

−

* \Windows\system.dat

+

?

−

* \Windows\profiles\user profile\user.dat

+

−

== Keys ==

+

vgexport makes volume groups ''unknown'' to the system, vgimport makes exported volumes ''known'' to the system. See also [http://www.tldp.org/HOWTO/LVM-HOWTO/recipemovevgtonewsys.html this]. You should also remember, that both vgexport/vgimport alter the data on the physical device. I also added "loop" option to the mount command example, since "-o ro" may alter the data in the file system (replay the journal, etc) [[User:.FUF|.FUF]] ([[User talk:.FUF|talk]]) 10:19, 7 May 2014 (CDT)

−

+

−

=== Run/RunOnce ===

+

−

System-wide:

+

−

<pre>

+

−

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+

−

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+

−

</pre>

+

−

+

−

Per user:

+

−

<pre>

+

−

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+

−

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+

−

</pre>

+

−

+

−

== Special cases ==

+

−

The Windows Registry has several special case scenarios, mainly concerning key and value name, that are easy to fail to account for:

+

−

* special characters key and value names

+

−

* duplicate key and value names

+

−

* the names when stored in extended ASCII (ANSI string) use a codepage that is dependent on the system settings

+

−

+

−

=== special characters key and value names ===

+

−

Both key and values names are case insensitive. The \ character is used as the key separator. Note

+

−

that the \ character can be used in value names. The / character is used in both key and value names.

* [http://www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/ntreg_readme.cfm ntreg] a file system driver for linux, which understands the NT registry file format.

+

−

+

−

===Freeware===

+

−

* [http://www.tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] Free tool that can be run on Windows, Linux or Mac OS-X. If run in admin mode, allows viewing of registry hives on live system.

+

−

+

−

* [http://www.tzworks.net/prototype_page.php?proto_id=14 Windows ShellBag Parser] Free tool that can be run on Windows, Linux or Mac OS-X.
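
Review bot: The two sides of this comparison do not describe the same page. Every removed line is Windows Registry article content (hive file locations, the Run/RunOnce keys, the special cases and the tool links), while every added line is a signed talk-page discussion about vgexport and vgimport, so check that the comparison targets the intended pair of revisions before reading the removals as deletions. On the added side, the proposed step "vgimport $VOLUMEGROUP" is followed only later by the remark that both vgexport and vgimport alter the data on the physical device; if the step is adopted, that remark belongs directly beside the command.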

Latest revision as of 15:19, 7 May 2014

Should we change

To make the volume group known to the system

vgexport $VOLUMEGROUP

to

To make the volume group known to the system

vgimport $VOLUMEGROUP

?

vgexport makes volume groups unknown to the system, vgimport makes exported volumes known to the system. See also this. You should also remember that both vgexport/vgimport alter the data on the physical device. I also added the "loop" option to the mount command example, since "-o ro" may alter the data in the file system (replay the journal, etc.) .FUF (talk) 10:19, 7 May 2014 (CDT)